Route Origin Authorization

$ rpki-client -vvf rsync.rp.ki/repo/misakaio/2/AS32519.roa
File:                     AS32519.roa (raw, json)
Hash identifier:          7L3cLuFsE18cCxKttMM1Lvhbkd/9S5JPuVgcd5NyTf0=
Subject key identifier:   45:C4:29:C0:91:E2:AD:CF:37:5A:F0:E1:88:D5:19:FE:71:D7:E2:9D
Certificate issuer:       /CN=359a4b6c6d3713cff3636207de9839058b51815b
Certificate serial:       1A2BE2F20156503700FE5DBBBC440F0A62EAE7AA
Authority key identifier: 35:9A:4B:6C:6D:37:13:CF:F3:63:62:07:DE:98:39:05:8B:51:81:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer
Subject info access:      rsync://rsync.rp.ki/repo/misakaio/2/AS32519.roa
Signing time:             Wed 20 Nov 2024 21:30:36 +0000
ROA not before:           Wed 20 Nov 2024 21:25:36 +0000
ROA not after:            Wed 19 Nov 2025 21:30:36 +0000
asID:                     32519
IP address blocks:        45.11.104.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.crl
                          rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:2b:e2:f2:01:56:50:37:00:fe:5d:bb:bc:44:0f:0a:62:ea:e7:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=359a4b6c6d3713cff3636207de9839058b51815b
        Validity
            Not Before: Nov 20 21:25:36 2024 GMT
            Not After : Nov 19 21:30:36 2025 GMT
        Subject: CN=45C429C091E2ADCF375AF0E188D519FE71D7E29D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:5c:17:d5:4c:07:98:55:98:7e:f7:7d:d8:20:
                    ef:87:d0:09:23:20:cc:ac:16:6c:15:e4:1d:4b:b4:
                    f9:b1:1b:1e:a2:7e:a7:57:fd:4e:ac:b7:11:75:e0:
                    dc:8f:3f:02:7c:b8:6e:4f:0a:80:0c:03:72:0d:07:
                    a2:1f:7c:a9:b7:af:29:22:af:8d:61:b5:6b:3d:aa:
                    16:5c:c1:9d:34:cb:f1:94:6a:4a:cd:e0:e4:95:7c:
                    1a:a9:36:7b:f7:8a:f7:fa:90:ce:15:0a:45:90:ac:
                    ec:9a:b5:25:9e:74:7e:88:c5:99:20:f3:56:6d:07:
                    d1:6e:fa:4d:91:c0:b2:f4:72:fc:fc:ad:26:08:f2:
                    ec:5b:7b:6a:5b:c0:f5:e2:f1:b6:b4:84:d4:32:84:
                    6e:4a:fa:a2:00:e9:5a:42:20:e4:43:2f:f8:1a:77:
                    3f:ee:58:7a:70:8a:46:3d:ca:ff:24:a4:4c:4f:8f:
                    3f:f1:fb:1c:fa:cd:a3:31:e1:1f:31:94:97:c4:49:
                    f2:69:25:49:fb:91:5b:4f:10:74:49:87:f6:9d:fc:
                    59:cc:01:26:aa:11:83:93:5d:dc:dc:96:49:53:12:
                    40:3c:3f:91:db:4a:a4:37:3d:1d:4c:59:c2:7f:87:
                    f7:ce:63:1b:e7:2a:37:93:40:56:c5:fb:82:02:61:
                    85:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:C4:29:C0:91:E2:AD:CF:37:5A:F0:E1:88:D5:19:FE:71:D7:E2:9D
            X509v3 Authority Key Identifier:
                keyid:35:9A:4B:6C:6D:37:13:CF:F3:63:62:07:DE:98:39:05:8B:51:81:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.rp.ki/repo/misakaio/2/359A4B6C6D3713CFF3636207DE9839058B51815B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NZpLbG03E8_zY2IH3pg5BYtRgVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.rp.ki/repo/misakaio/2/AS32519.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.104.0/23

    Signature Algorithm: sha256WithRSAEncryption
         53:b7:b2:f2:fe:ab:5a:0f:51:4f:51:38:9c:2a:39:9c:76:fe:
         81:48:37:cb:10:88:ec:8f:6a:49:22:cb:4d:1c:71:f4:0c:4b:
         68:64:1a:a3:f1:19:c8:b4:43:11:64:73:1b:11:a7:c3:a0:68:
         59:28:7c:3c:17:06:22:c3:84:66:e7:f1:bb:d6:c9:73:b0:13:
         93:cf:40:d2:9b:b6:40:e9:be:41:ab:3d:ba:0e:4d:1a:ca:9c:
         c5:f4:e8:bf:66:ad:98:56:7b:e7:d8:38:4e:c9:5b:1f:f8:57:
         53:ae:12:d1:b7:14:ed:74:41:60:c5:01:49:1d:aa:66:1a:cc:
         c9:8e:1e:c7:6c:fc:b8:ac:d2:7b:fa:48:65:06:d4:f2:40:da:
         da:33:5c:46:94:49:e4:f9:9d:1a:85:6a:f0:0a:ea:e1:6d:53:
         8d:8a:8a:01:3b:9a:af:fc:04:fb:03:c8:69:9e:92:99:84:0f:
         73:3a:f5:33:20:61:55:0a:f5:15:6b:8a:10:29:1b:9c:37:67:
         f6:0a:69:47:1a:8a:58:8f:23:ea:d4:49:fb:5e:01:ed:c4:d8:
         90:af:9c:48:ce:6d:95:34:9a:2e:de:53:3c:e4:6f:92:0f:1b:
         26:53:68:a7:4a:fb:a7:ac:ba:47:1c:06:9f:98:24:e3:1b:e4:
         c9:0c:ca:b0
-----BEGIN CERTIFICATE-----
MIIEmzCCA4OgAwIBAgIUGivi8gFWUDcA/l27vEQPCmLq56owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzU5YTRiNmM2ZDM3MTNjZmYzNjM2MjA3ZGU5ODM5MDU4
YjUxODE1YjAeFw0yNDExMjAyMTI1MzZaFw0yNTExMTkyMTMwMzZaMDMxMTAvBgNV
BAMTKDQ1QzQyOUMwOTFFMkFEQ0YzNzVBRjBFMTg4RDUxOUZFNzFEN0UyOUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwXBfVTAeYVZh+933YIO+H0Akj
IMysFmwV5B1LtPmxGx6ifqdX/U6stxF14NyPPwJ8uG5PCoAMA3INB6IffKm3ryki
r41htWs9qhZcwZ00y/GUakrN4OSVfBqpNnv3ivf6kM4VCkWQrOyatSWedH6IxZkg
81ZtB9Fu+k2RwLL0cvz8rSYI8uxbe2pbwPXi8ba0hNQyhG5K+qIA6VpCIORDL/ga
dz/uWHpwikY9yv8kpExPjz/x+xz6zaMx4R8xlJfESfJpJUn7kVtPEHRJh/ad/FnM
ASaqEYOTXdzclklTEkA8P5HbSqQ3PR1MWcJ/h/fOYxvnKjeTQFbF+4ICYYWtAgMB
AAGjggGlMIIBoTAdBgNVHQ4EFgQURcQpwJHirc83WvDhiNUZ/nHX4p0wHwYDVR0j
BBgwFoAUNZpLbG03E8/zY2IH3pg5BYtRgVswDgYDVR0PAQH/BAQDAgeAMGEGA1Ud
HwRaMFgwVqBUoFKGUHJzeW5jOi8vcnN5bmMucnAua2kvcmVwby9taXNha2Fpby8y
LzM1OUE0QjZDNkQzNzEzQ0ZGMzYzNjIwN0RFOTgzOTA1OEI1MTgxNUIuY3JsMGQG
CCsGAQUFBwEBBFgwVjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0
L3JlcG9zaXRvcnkvREVGQVVMVC9OWnBMYkcwM0U4X3pZMklIM3BnNUJZdFJnVnMu
Y2VyMEsGCCsGAQUFBwELBD8wPTA7BggrBgEFBQcwC4YvcnN5bmM6Ly9yc3luYy5y
cC5raS9yZXBvL21pc2FrYWlvLzIvQVMzMjUxOS5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAS0LaDANBgkq
hkiG9w0BAQsFAAOCAQEAU7ey8v6rWg9RT1E4nCo5nHb+gUg3yxCI7I9qSSLLTRxx
9AxLaGQao/EZyLRDEWRzGxGnw6BoWSh8PBcGIsOEZufxu9bJc7ATk89A0pu2QOm+
Qas9ug5NGsqcxfTov2atmFZ759g4TslbH/hXU64S0bcU7XRBYMUBSR2qZhrMyY4e
x2z8uKzSe/pIZQbU8kDa2jNcRpRJ5PmdGoVq8Arq4W1TjYqKATuar/wE+wPIaZ6S
mYQPczr1MyBhVQr1FWuKECkbnDdn9gppRxqKWI8j6tRJ+14B7cTYkK+cSM5tlTSa
Lt5TPORvkg8bJlNop0r7p6y6RxwGn5gk4xvkyQzKsA==
-----END CERTIFICATE-----